Home / Knox Admin Portal / How-to guides / How-to guides /

Manage roles

Last updated November 19th, 2025

On the ROLES tab of the Administrators & Roles page, you can define roles with custom permissions for admins who manage one or more services. You can also define roles with common permissions to access cross-service features from the common device list.

Only admins with the Invite and manage administrators or Manage roles permission can access the consolidated Administrators & Roles page.

The Roles tab lists all the roles in your tenant. You can use the search bar lets to search for roles by name.

The roles list contains the following information:

Column Description
SERVICE The Knox service, or services, the role applies to.
ROLE NAME

Either Super admin or the name of a custom role, both of which you can click on. Depending on whether you click a super admin role or a custom role, the resulting pop up shows:

  • Super admin. The role details, along with a dropdown that lets you switch between services to view the permissions for each. The super admin is marked with a crown next to their name.

  • Custom role. The role details, its permissions, and the number of admins assigned to it.

    Important

    Custom roles for Knox Manage must be defined through the Knox Manage console instead. In the Knox Admin Portal roles list, custom Knox Manage roles are listed as Sub Admin.
DESCRIPTION A short phrase describing the organizational purpose of the role.
ADMINISTRATORS The number of admins assigned to the role. Click a number to see a full list of the admins and their information.

Create a role

To create a role with custom permissions:

  1. Click CREATE ROLE to the right of the search bar. The Create role page displays.

    Create role screen

  2. Select a Service for which to create the role.

    • Select Common to create a role with common permissions for select features across services. This role applies to the common device list only.

  3. Enter a Role name and Description (optional).

  4. Select the required Permissions. Note that permissions are shown based on the service you select.

  5. (Optional) Set the required permissions to create a Common role:

    Access Permission
    View enrollment profiles Common > Profiles > View-only or Manage enrollment profiles
    Create and edit enrollment profiles Common > Profiles > Manage enrollment profiles > Create and edit
    Delete enrollment profiles Common > Profiles > Manage enrollment profiles > Delete
    View device list Common > Devices > View-only or Manage devices
    Manage reseller preferences for device uploads Common > Devices > Manage devices > Manage reseller preferences for devices
    Assign or unassign enrollment profiles from common device list Common > Devices > Manage devices > Assign/Unassign enrollment profiles
    Approve device uploads from resellers Common > Devices > Manage devices > Approve devices
    Manage common tags in common device list Common > Devices > Manage devices > Manage common tags
    Delete devices from common device list to remove them from all services Common > Devices > Manage devices > Delete devices
    View resellers Common > Resellers > View-only or Manage resellers
    Register resellers Common > Resellers > Manage resellers > Register
    Delete resellers Common > Resellers > Manage resellers > Delete
    View company account settings For Samsung account for Business
    Common > Company account settings > View-only or sManage company account settings
    Manage company information For Samsung account for Business
    Common > Company account settings > Manage company account settings
    MSPs having this permission, can grant the permission to their customers.
    Invite admins and assign them the common role Common > Administrators and Roles > Invite and manage administrators
    Create roles and manage all permissions for a common role, including the permissions not assigned to them Common > Administrators and Roles > Manage roles

    For information about creating roles for other services, see each service’s documentation.

  6. Click SAVE.

While admins can create roles with any permissions, they can only assign roles that contain permissions that they have themselves.

Edit or delete a role

To edit an existing role, click its ROLE NAME to open the Edit role page. Similar to the Create role page, you can enter a new role name, description, and permissions for the service. However, you can’t reassign the role to another service.

Edit role screen

Once you’re finished editing, click SAVE to record your changes.

Alternatively, you can choose to delete the role. Click DELETE at the bottom of the page to remove the role from the list and remove the associated permissions for all admins who are assigned the role. Note that this action can’t be undone.

On this page

Is this page helpful?